You are not logged in.
- Topics: Active | Unanswered
#1 2015-07-22 15:43:08
- eduncan911
- Member
- Registered: 2015-05-02
- Posts: 93
- Website
Arch as Router, Two-Factor VPN, Android/OSX/Windows
Hello! Loving Arch so much on my macbook pro and desktop that I am now wanting to build a router. I've read through the Arch Router wiki.
What setup/packages would you Pros recommend for the following:
* Arch (most likely won't be updating often, to keep it stable) LTS kernel?
* Most native VPN experience across multiple devices (see below)
* Multi-factor (two-factor) VPN, across multiple devices (IPsec IKEv2)
* Dnsmasq (simple of them all, I setup multiple DNS entries for DHCP vpn clients)
* Graphing/logging
* Package Inspection (smart firewalls)
* QoS streaming
"Native VPN Experience" explained
--
One of the reasons I've been using Microsoft PPTPv2 for the past decade is that all devices are compatible with it. Android's native VPN client, OSX native VPN client, Windows 7/8/8.1/10 native VPN clients and so on.
But moving to two-factor authentication, I know I am going to have to leave this native experience and move to some type of apps.
I'll have 13 to 17 devices connecting to it (I've seen up to 7 at a time connected) ranging from Windows Phone, Windows 8.1, Arch, Android phone/tablets, OSX and even Windows Servers.
Two-Factor / Multi-Factor VPN Client
--
One requirement for this overhaul is that I want to enable multi-factor authentication for VPN.
I'm trying to avoid installing 3rd party apps as much as possible (e.g. Junos). Prefer to stick to simple OpenSSH/OpenVPN if that is possible with two-factor (I think it is from what I've Googled so far).
The reason I mention IPsec IKEv2 is that Windows Phone now supports this (nearly) natively with an app from the App store. Why Windows Phone? Streaming Plex remotely.
hardware
--
The box I'll be using is way way overkill for this. But anyhow, I love flexibility.
Atom 8-core @ 2.4 Ghz C2758
4x Intel Pro Gigabit nics
16GB of 1600mhz ram
32GB SSD 6Gbs
Any way to make a special build (kernel?) to utilize the 8 cores for better networking? This C2758 Atom does have "Intel Quickassist", which offloads VPN-type encryption to speed it up (requires a kernel patch, and patching of openssh).
I previously tried to set this up on my Tomato OS router; but, it could not handle the bandwidth over 40 Mbps (pegged the CPU under VPN) over pptp2. I have 150/150 Mbps here, which even un-encrypted I can still only get about 120/90Mbps through it. I want to upgrade to 300/300 Mbps for this streaming; but, I need to overhaul my router setup first which is a good time to think about a new VPN as well.
Thanks!
-E
Last edited by eduncan911 (2015-07-22 15:49:39)
Offline